Basically what it does is that it first checks to see if the entered password matches.
Then, it iterates through all the visible endpoints found for Swagger and deletes them from the path so that it does not appear.
Lastly, it removes all the models from showing up which contains structure information.
This is particularly useful when you don’t want others to know how your model looked like to hide any kind of information from leaking.

Method 2: Restricted to Token Authorized Users

Allows the API endpoints and object models to be visible only to authorized users.
First, your application must have enabled a form of token authentication (such as JWT bearer tokens, here is an article).

Create a file and name it something like SwaggerAuthorizationFilter.cs with the contents:

The idea is not too different from before except that now it’ll check for the authorized user’s ID to decide whether or not to show the endpoints.
This hides everything except the login endpoint for the end users so that they can grab the authentication token to login.

Your Startup.cs in the ConfigureServices method will now contain this instead: